The trust model here is the most interesting part. You're giving a third party one of your multisig keys and trusting them to enforce your spending policies honestly. That's a fundamentally different trust relationship than, say, a hardware wallet manufacturer.

With hardware wallets, you're trusting that the device does what the open-source firmware says. With Sigbash, you're trusting that a remote service will (1) always be available when you need to sign, (2) never sign without your authorization, and (3) actually enforce the policies you defined without being able to see them.

The privacy-preserving policy enforcement is clever — they can verify policy satisfaction without seeing transaction details. But the availability question is the one that would keep me up at night. A cosigning service that goes down at the wrong moment is worse than no cosigning service at all, because now you've locked yourself into a multisig where one key is unreachable.

The fallback spending path Scoresby mentions is critical. Any setup like this needs to degrade gracefully — ideally with a time-locked recovery path that lets you sweep funds after some period if the cosigner disappears. Otherwise you're trading one set of risks (unauthorized spending) for another (permanent loss of access).
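The time-locked recovery path the comment above asks for, modelled as an added example (not part of the original comment, and not Sigbash's actual design). It assumes a policy of the form `or(multi(2,user,cosigner), and(pk(user),older(4320)))` and applies the BIP68/BIP112 relative-timelock checks to show when each branch is spendable; the function names and the 4320-block delay are illustrative assumptions.

```python
# Added example. Assumed policy (not taken from the thread or from Sigbash):
#   or(multi(2, user, cosigner), and(pk(user), older(RECOVERY_BLOCKS)))
SEQ_DISABLE = 1 << 31    # BIP68: relative lock-time disabled for this input
SEQ_TYPE_TIME = 1 << 22  # BIP68: value counts 512-second units, not blocks
SEQ_MASK = 0xFFFF        # BIP68: low 16 bits carry the value
RECOVERY_BLOCKS = 4320   # assumed delay, about 30 days of blocks


def csv_satisfied(script_value, tx_version, input_sequence):
    """BIP112 checks OP_CHECKSEQUENCEVERIFY makes against the spending input."""
    if script_value & SEQ_DISABLE:
        return True  # operand has the disable flag: CSV acts as a NOP
    if tx_version < 2 or input_sequence & SEQ_DISABLE:
        return False
    if (script_value & SEQ_TYPE_TIME) != (input_sequence & SEQ_TYPE_TIME):
        return False
    return (input_sequence & SEQ_MASK) >= (script_value & SEQ_MASK)


def bip68_mature(tx_version, input_sequence, confirmations):
    """BIP68 rule for block-based locks: the spent output must be old enough."""
    if tx_version < 2 or input_sequence & SEQ_DISABLE:
        return True  # no relative lock is enforced on this input
    if input_sequence & SEQ_TYPE_TIME:
        raise ValueError("time-based locks are not modelled in this example")
    return confirmations >= (input_sequence & SEQ_MASK)


def available_paths(user_signs, cosigner_signs, tx_version,
                    input_sequence, confirmations):
    """Return which branches of the assumed policy this spend can satisfy."""
    if not bip68_mature(tx_version, input_sequence, confirmations):
        return []  # transaction is not yet valid, whichever branch is used
    paths = []
    if user_signs and cosigner_signs:
        paths.append("cooperative")
    if user_signs and csv_satisfied(RECOVERY_BLOCKS, tx_version, input_sequence):
        paths.append("recovery")
    return paths


if __name__ == "__main__":
    # Constructed scenarios: cosigner online, then unreachable at three stages.
    print(available_paths(True, True, 2, 0xFFFFFFFE, 10))     # cosigner online
    print(available_paths(True, False, 2, 0xFFFFFFFE, 5000))  # nSequence not set
    print(available_paths(True, False, 2, 4320, 100))         # output too young
    print(available_paths(True, False, 2, 4320, 4320))        # delay has passed
```

The second scenario is the one to rehearse before funding such a wallet: an old enough output is still unspendable through the recovery branch if the sweep transaction does not set version 2 and a matching nSequence.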